1. Scope of This Statement
This statement currently covers the following products:
- Campaign Operations Playbook for Confluence
- Content Workflow Templates for Confluence
The general InfraFastlane website privacy policy covers visits to the InfraFastlane website and related website services. This page covers the current Marketplace app runtimes and the way these products are intended to handle customer data.
2. Covered Products
| Product | Current purpose | Runtime model |
|---|---|---|
| Campaign Operations Playbook for Confluence | Structured campaign planning, production, launch, and reporting templates inside Confluence. | Low-permission, copy-oriented Forge global page with static Custom UI. |
| Content Workflow Templates for Confluence | Structured content intake, briefing, review, publishing, and performance templates inside Confluence. | Low-permission, copy-oriented Forge global page with static Custom UI. |
3. Shared Product Security Model
The current InfraFastlane Confluence Marketplace products are intentionally designed as low-permission template libraries. Users can browse, search, preview, and copy template content for use in their own Confluence pages.
The current versions do not automatically create, edit, delete, read, export, or analyze customer Confluence pages.
4. Current Data Handling
| Area | Current behavior across covered products |
|---|---|
| Customer content storage | The current app versions do not store customer content outside Atlassian systems. |
| External backend | The current app versions do not use external backend services. |
| External data egress | The current app versions do not declare external remotes or external egress. |
| End-user data logs | The current app versions are designed not to log End-User Data. |
| Website privacy policy | The InfraFastlane website privacy policy is separate and applies to the website, support contact routes, and other website services outside the app runtimes. |
| Personal access tokens | The current app versions do not require users to provide Atlassian Personal Access Tokens, passwords, or shared secrets. |
5. Product-Specific Runtime Notes
Campaign Operations Playbook for Confluence
The current version provides campaign operations templates inside Confluence. Users can browse, search, preview, and copy campaign planning and execution content into their own Confluence pages.
The current version does not automatically create, edit, delete, read, export, or analyze customer Confluence pages.
Content Workflow Templates for Confluence
The current version provides content workflow templates inside Confluence. Users can browse, search, preview, and copy content operations pages such as intake briefs, editorial planning pages, review workflows, publishing checklists, and performance review templates.
The current version does not automatically create, edit, delete, read, export, or analyze customer Confluence pages.
6. Permissions
The current Forge app versions are intentionally scoped with no Confluence read or write permissions. This matches the current copy-only product behavior and reduces risk for customer Confluence spaces.
Future product versions may add additional functionality only where the required permissions are clearly justified, documented, and reflected in the Marketplace listing and related privacy/security material.
7. Security Contact
Security issues can be reported through the InfraFastlane support page:
Please include the affected product name, a clear description of the issue, steps to reproduce, affected URLs or app areas, and any relevant screenshots or technical details.
Do not include passwords, API tokens, private customer content, or other secrets unless specifically requested through an approved support channel.
8. Vulnerability Handling
Security reports are reviewed during standard support hours. We prioritize issues based on severity, exploitability, customer impact, and whether customer data or app availability may be affected.
If a confirmed security issue affects customers, we will take reasonable steps to remediate the issue, communicate where appropriate, and follow applicable Atlassian Marketplace requirements.
9. Dependencies and Updates
The apps and supporting build process are reviewed before Marketplace submission. Dependency changes, permission changes, external service additions, and data handling changes should be reviewed before release.
Security-relevant updates may be released where needed to maintain product safety, Atlassian compatibility, or Marketplace compliance.
10. Compliance and Certifications
InfraFastlane does not currently claim external security certifications for the covered products on this page.
The apps are designed to minimize data exposure and permissions, but customers remain responsible for evaluating whether the products fit their own legal, privacy, security, procurement, and compliance requirements.
11. Related Pages
- Data Security and Privacy Statement: https://infrafastlane.dev/security/
- End User Terms: https://infrafastlane.dev/terms/
- General Website Privacy Policy: https://infrafastlane.dev/privacy-policy/
- Security Bug Fix Policy: https://infrafastlane.dev/security-bug-fix-policy/
- Security Incident Communication: https://infrafastlane.dev/security-incident-communication/
- Service Level Agreement: https://infrafastlane.dev/sla/
- Support: https://infrafastlane.dev/support/
- Vulnerability Notification: https://infrafastlane.dev/vulnerability-notification/